Ktor Client
Kotlin Multiplatform HTTP client built for coroutines. Ktor Client runs on JVM, Android, iOS (Darwin), JS, and WebAssembly — the same client code works across all platforms. Uses a plugin architecture for JSON serialization (kotlinx.serialization), auth, logging, content negotiation, and retry. The standard choice for Kotlin Multiplatform networking, also widely used for Kotlin server-side agent clients.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS via platform engine (OkHttp, NSURLSession, etc.). Certificate pinning configurable per engine. JetBrains maintains. No built-in secret storage.
⚡ Reliability
Best When
You're building Kotlin Multiplatform code that needs shared HTTP client logic across Android, iOS, JVM, and JS targets.
Avoid When
You're Android-only and already invested in OkHttp + Retrofit — Ktor Client doesn't add value without the multiplatform requirement.
Use Cases
- • Build shared agent networking code that runs on Android and iOS in Kotlin Multiplatform projects — same HTTP client, platform-specific engines
- • Write async agent HTTP clients with coroutine-native suspend functions — no callback or RxJava wrapper needed
- • Add serialization, auth, logging, and retry plugins to agent HTTP clients with Ktor's composable plugin system
- • Use Ktor Client's WebSocket support for real-time agent communication across platforms including iOS
- • Create type-safe API clients for agent services with Ktor's Resources plugin (type-safe URL routing) for compile-time verified endpoints
Not For
- • JVM-only projects that don't need Kotlin Multiplatform — OkHttp + Retrofit has a more mature ecosystem for Android-only or JVM-only
- • Simple JVM scripting — the plugin configuration overhead is more than needed for quick JVM HTTP scripts; use Fuel or khttp
- • Non-Kotlin code — Ktor Client is Kotlin-only; use OkHttp (Java) or aiohttp (Python) for other languages
Interface
Authentication
Auth via Ktor's Auth plugin — BearerAuthProvider, BasicAuthProvider, and DigestAuthProvider. Token refresh via refreshTokens callback in BearerAuthProvider. OAuth via ktor-client-auth plugin.
Pricing
JetBrains open source project. Apache 2.0 license.
Agent Metadata
Known Gotchas
- ⚠ Ktor Client requires specifying an engine — HttpClient() without an engine uses the CIO engine on JVM but this can surprise Android developers who expect OkHttp default
- ⚠ HttpClient must be closed after use — each client creates a connection pool; not closing leaks threads; use client.close() or create a singleton application-level client
- ⚠ JSON serialization requires both the ContentNegotiation plugin AND the kotlinx.serialization plugin — forgetting either causes 'No transformation found' or 'Content-Type mismatch' errors
- ⚠ Ktor Client exceptions are wrapped in ResponseException — accessing status code requires (e as ResponseException).response.status; raw exception message may not include HTTP status
- ⚠ Multiplatform engine selection: CIO works on JVM/Android, Darwin on iOS, Js on JS — using wrong engine for platform causes build failures; use expect/actual or commonMain engine configuration
- ⚠ Ktor's HttpRequestRetry plugin retries on network errors but not on 4xx/5xx by default — configure retryOnServerErrors() explicitly for agent resilience on 5xx transient failures
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Ktor Client.
Scores are editorial opinions as of 2026-03-06.